diff --git a/modules/module-list.nix b/modules/module-list.nix
index b69295a89da..6a73cac8cb5 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -124,7 +124,6 @@
 ./services/networking/gnunet.nix
 ./services/networking/gogoclient.nix
 ./services/networking/gvpe.nix
- ./services/networking/gw6c/default.nix
 ./services/networking/ifplugd.nix
 ./services/networking/ircd-hybrid/default.nix
 ./services/networking/nat.nix
diff --git a/modules/services/networking/gw6c/control.in b/modules/services/networking/gw6c/control.in
deleted file mode 100644
index 24b868eb5c8..00000000000
--- a/modules/services/networking/gw6c/control.in
+++ /dev/null
@@ -1,44 +0,0 @@
-#! @shell@ -e
-
-# !!! use a proper Upstart job.
-
-# Make sure that the environment is deterministic.
-export PATH=@coreutils@/bin
-export PATH=@coreutils@/bin:@gnugrep@/bin:@gnused@/bin:@iputils@/bin:@iputils@/sbin:@procps@/bin:@seccure@/bin
-export BASEDIR=$(dirname $(dirname $0))
-
- mkdir /tmp/.gw6c || true
- touch /tmp/.gw6c/gw6c.conf
- chmod 0700 /tmp/.gw6c
- chmod 0700 /tmp/.gw6c/gw6c.conf
- seccure-decrypt -F @privkey@ -i $BASEDIR/conf/gw6c.conf > /tmp/.gw6c/gw6c.conf
-
-stop ()
-{
- pkill gw6c
-}
-
-ln -s /dev/net/tun /dev/tun || true;
-
-if test "$1" = "start"; then
- trap 'stop ; exit ' 15
-
- if test -n "@pingBefore@"; then while ! @iputils@/sbin/ping @gw6server@ -c1 -w1 ; do sleep 1; done; fi
- cd /tmp/.gw6c
- @coreutils@/bin/yes | \
- env - HOME=/tmp/.gw6c $extraEnv \
- @gw6c@/bin/gw6c -f /tmp/.gw6c/gw6c.conf 2>&1 >/var/log/gw6c.out
- while @procps@/bin/pgrep gw6c; do
- sleep @everPing@;
- @iputils@/sbin/traceroute6 $( @coreutils@/bin/cat /var/log/gw6c.log |
- @gnugrep@/bin/grep peer |
- @gnused@/bin/sed -e 's/.*with //; s/ .*//' |
- @coreutils@/bin/head -1) &
- done;
- pkill gw6c;
- exit
-fi
-
-if test "$1" = "stop"; then
- env - HOME=/homeless-shelter @procps@/bin/pkill gw6c;
-fi;
diff --git a/modules/services/networking/gw6c/default.nix b/modules/services/networking/gw6c/default.nix
deleted file mode 100644
index 8471a0c756a..00000000000
--- a/modules/services/networking/gw6c/default.nix
+++ /dev/null
@@ -1,163 +0,0 @@
-{ config, pkgs, ... }:
-
-with pkgs.lib;
-
-let
-
- cfg = config.services.gw6c;
-
- gw6cService = pkgs.stdenv.mkDerivation {
- name = "gw6c-service";
- inherit (pkgs) gw6c coreutils procps upstart iputils gnused gnugrep seccure;
-
- inherit (cfg) username password keepAlive everPing;
-
- gw6server = cfg.server;
- authMethod = if cfg.username == "" then "anonymous" else "any";
- gw6dir = pkgs.gw6c;
-
- pingBefore = if cfg.waitPingableBroker then "true" else "";
-
- pubkey = config.security.seccureKeys.public;
- privkey = config.security.seccureKeys.private;
-
- buildCommand =
- ''
- mkdir -p $out/bin $out/conf
-
- mkdir conf
- chmod 0700 conf
- touch conf/raw
- chmod 0700 conf/raw
-
- substituteAll ${./gw6c.conf} conf/raw
- $seccure/bin/seccure-encrypt "$(cat $pubkey)" -i conf/raw -o $out/conf/gw6c.conf
- substituteAll ${./control.in} $out/bin/control
- chmod a+x $out/bin/control
- '';
- };
-
-in
-
-{
-
- ###### interface
-
- options = {
-
- services.gw6c = {
-
- enable = mkOption {
- default = false;
- description = "
- Whether to enable Gateway6 client (IPv6 tunnel).
- ";
- };
-
- autorun = mkOption {
- default = true;
- description = "
- Switch to false to create upstart-job and configuration,
- but not run it automatically
- ";
- };
-
- username = mkOption {
- default = "";
- description = "
- Your Gateway6 login name, if any.
- ";
- };
-
- password = mkOption {
- default = "";
- description = "
- Your Gateway6 password, if any.
- ";
- };
-
- server = mkOption {
- default = "anon.freenet6.net";
- example = "broker.freenet6.net";
- description = "
- Used Gateway6 server.
- ";
- };
-
- keepAlive = mkOption {
- default = "30";
- example = "2";
- description = "
- Gateway6 keep-alive period.
- ";
- };
-
- everPing = mkOption {
- default = "1000000";
- example = "2";
- description = "
- Gateway6 manual ping period.
- ";
- };
-
- waitPingableBroker = mkOption {
- default = true;
- example = false;
- description = "
- Whether to wait until tunnel broker returns ICMP echo.
- ";
- };
-
- };
-
- security.seccureKeys = {
-
- # !!! It's not clear to me (ED) what additional security this
- # provides. Passwords shouldn't be in configuration.nix,
- # period. You could just place the password in
- # /var/blah/password or whatever.
-
- public = mkOption {
- default = /var/elliptic-keys/public;
- description = "
- Public key. Make it path argument, so it is copied into store and
- hashed.
-
- The key is used to encrypt Gateway 6 configuration in store, as it
- contains a password for external service. Unfortunately,
- derivation file should be protected by other means. For example,
- nix-http-export.cgi will happily export any non-derivation path,
- but not a derivation.
- ";
- };
-
- private = mkOption {
- default = "/var/elliptic-keys/private";
- description = "
- Private key. Make it string argument, so it is not copied into store.
- ";
- };
-
- };
-
- };
-
-
- ###### implementation
-
- config = mkIf cfg.enable {
-
- jobs.gw6c =
- { description = "Gateway6 client";
-
- startOn = optionalString cfg.autorun "starting networking";
- stopOn = "stopping network-interfaces";
-
- exec = "${gw6cService}/bin/control start";
- };
-
- networking.enableIPv6 = true;
-
- };
-
-}
diff --git a/modules/services/networking/gw6c/gw6c.conf b/modules/services/networking/gw6c/gw6c.conf
deleted file mode 100644
index e6c4362d27c..00000000000
--- a/modules/services/networking/gw6c/gw6c.conf
+++ /dev/null
@@ -1,338 +0,0 @@
-#-----------------------------------------------------------------------------
-# $Id: gw6c.conf.in,v 1.5 2007/05/09 13:41:32 cnepveu Exp $
-#-----------------------------------------------------------------------------
-
-########################## READ ME! ################################
-#
-# Welcome to the Gateway6 Client configuration file.
-# In order to use the client, you need to modify the 'userid', 'passwd' and
-# 'server' parameters below depending on which of these situations applies:
-#
-# 1. If you created a Freenet6 account, enter your userid and password below.
-# Change the server name to "broker.freenet6.net" and auth_method to 'any'.
-# 2. If you would like to use Freenet6 without creating an account,
-# do not make any modifications and close this file.
-# 3. If this software was provided by your ISP, enter the userid, password and
-# server name provided by your ISP below.
-#
-
-
-########################## BASIC CONFIGURATION ################################
-
-#
-# User Identification and Password:
-# Specify your user name and password as provided by your ISP or Freenet6.
-# If you plan to connect anonymously, leave these values empty.
-# NOTE: Change auth_method option if you are using a username/password.
-#
-# userid=
-# passwd=
-#
-userid=@username@
-passwd=@password@
-
-
-#
-# Gateway6 Server:
-# Specify a Gateway6 server name or IP address (provided by your ISP or
-# Freenet6). An optional port number can be added; the default port number
-# is 3653.
-#
-# Examples:
-# server=hostname # FQDN
-# server=A.B.C.D # IPv4 address
-# server=[X:X::X:X] # IPv6 address
-# server=hostname:port_number
-# server=A.B.C.D:port_number
-# server=[X:X::X:X]:port_number
-#
-# Freenet6 account holders should enter broker.freenet6.net, otherwise use
-# anon.freenet6.net. Your ISP may provide you with a different server name.
-#
-#server=anon.freenet6.net
-#server=broker.freenet6.net
-#server=broker.aarnet.net.au
-server=@gw6server@
-
-#
-# Authentication Method:
-#
-# auth_method=<{anonymous}|{any|passdss-3des-1|digest-md5|plain}>
-#
-# anonymous: Sends no username or password
-#
-# any: The most secure method will be used.
-# passdss-3des-1: The password is sent encrypted.
-# digest-md5: The password is sent encrypted.
-# plain: Both username and password are sent as plain text.
-#
-# Recommended values:
-# - any: If you are authenticating a username / password.
-# - anonymous: If you are connecting anonymously.
-#
-#auth_method=anonymous
-#auth_method=any
-auth_method=@authMethod@
-
-
-########################## ROUTING CONFIGURATION ##############################
-# Use these parameters when you wish the client to act as a router and provide
-# IPv6 connectivity to IPv6-capable devices on your network.
-
-#
-# Local Host Type:
-# Change this value to 'router' to enable IPv6 advertisements.
-#
-# host_type=
-#
-host_type=host
-
-#
-# Prefix Length:
-# Length of the requested prefix. Valid values range between 0 and 64 when
-# using V6*V4 tunnel modes, and between 0 and 32 when using V4V6 tunnel mode.
-#
-# prefixlen=
-#
-prefixlen=64
-
-#
-# Advertisement Interface Prefix:
-# Name of the interface that will be configured to send router advertisements.
-# This is an interface index on Windows (ex: 4) and a name on Linux
-# and BSD (ex: eth1 or fxp1).
-#
-# if_prefix=
-#
-if_prefix=
-
-#
-# DNS Server:
-# A DNS server list to which the reverse prefix will be delegated. Servers
-# are separated by the colon(:) delimiter.
-#
-# Example: dns_server=ns1.domain:ns2.domain:ns3.domain
-#
-dns_server=
-
-
-######################### ADVANCED CONFIGURATION ##############################
-
-#
-# Gateway6 Client Installation Directory:
-# Directory where the Gateway6 Client will be installed. This value has been
-# set during installation.
-#
-gw6_dir=@gw6dir@
-
-#
-# Auto-Retry Connect and Delay:
-# The time lapse, in seconds, between each reconnection in the case of a
-# timeout.
-#
-# auto_retry_connect=
-# retry_delay=
-#
-# Recommended values: "yes" and 30
-#
-auto_retry_connect=yes
-retry_delay=5
-
-#
-# Keepalive Feature and Message Interval:
-# Indicates if and how often the client will send data to keep the tunnel
-# active.
-#
-# keepalive=
-# keepalive_interval=
-#
-# Recommended values: "yes" and 30
-#
-keepalive=yes
-keepalive_interval=@keepAlive@
-
-#
-# Tunnel Encapsulation Mode:
-# v6v4: IPv6-in-IPv4 tunnel.
-# v6udpv4: IPv6-in-UDP-in-IPv4 tunnel (for clients behind a NAT).
-# v6anyv4: Lets the broker choose the best mode for IPv6 tunnel.
-# v4v6: IPv4-in-IPv6 tunnel.
-#
-# Recommended value: v6anyv4
-#
-tunnel_mode=v6anyv4
-
-#
-# Tunnel Interface Name:
-# The interface name assigned to the tunnel. This value is O/S dependent.
-#
-# if_tunnel_v6v4 is the tunnel interface name for v6v4 encapsulation mode
-# if_tunnel_v6udpv4 is the tunnel interface name for v6udpv4 encapsulate mode
-# if_tunnel_v4v6 is the tunnel interface name for v4v6 encapsulation mode
-#
-# Default values are set during installation.
-#
-if_tunnel_v6v4=sit1
-if_tunnel_v6udpv4=tun
-if_tunnel_v4v6=sit0
-
-#
-# Local IP Address of the Client:
-# Allows you to set a specific address as the local tunnel endpoint.
-#
-# client_v4=
-# client_v6=
-# auto: The Gateway6 Client will find the local IP address endpoint.
-#
-# Recommended value: auto
-#
-client_v4=auto
-client_v6=auto
-
-#
-# Script Name:
-# File name of the script to run to install the tunnel interface. The
-# scripts are located in the template directory under the client
-# installation directory.
-#
-# template=
-#
-# Default value is set during installation.
-#
-template=linux
-
-#
-# Proxy client:
-# Indicates that this client will request a tunnel for another endpoint,
-# such as a Cisco router.
-#
-# proxy_client=
-#
-# NOTE: NAT traversal is not possible in proxy mode.
-#
-proxy_client=no
-
-
-############################ BROKER REDIRECTION ###############################
-
-#
-# Broker List File Name:
-# The 'broker_list' directive specifies the filename where the broker
-# list received during broker redirection will be saved.
-#
-# broker_list=
-#
-broker_list=/tmp/tsp-broker-list.txt
-
-#
-# Last Server Used File Name:
-# The 'last_server' directive specifies the filename where the address of
-# the last broker to which a connection was successfully established will
-# be saved.
-#
-# last_server=
-#
-last_server=/tmp/tsp-last-server.txt
-
-#
-# Always Use Last Known Working Server:
-# The value of the 'always_use_same_server' directive determines whether the
-# client should always try to connect to the broker found in the
-# 'last_server' directive filename.
-#
-# always_use_same_server=
-#
-always_use_same_server=no
-
-
-#################################### LOGGING ##################################
-
-#
-# Log Verbosity Configuration:
-# The format is 'log_=level', where possible values for
-# 'destination' are:
-#
-# - console (logging to the console [AKA stdout])
-# - stderr (logging to standard error)
-# - file (logging to a file)
-# - syslog (logging to syslog [Unix only])
-#
-# and 'level' is a digit between 0 and 3. A 'level' value of 0 disables
-# logging to the destination, while values 1 to 3 request increasing levels
-# of log verbosity and detail. If 'level' is not specified, a value of 1 is
-# assumed.
-#
-# Example:
-# log_file=3 (Maximal logging to a file)
-# log_stderr=0 (Logging to standard error disabled)
-# log_console= (Minimal logging to the console)
-#
-# - Default configuration on Windows platforms:
-#
-# log_console=0
-# log_stderr=0
-# log_file=1
-#
-# - Default configuration on Unix platforms:
-#
-# log_console=0
-# log_stderr=1
-# log_file=0
-# log_syslog=0
-#
-#log_console=
-#log_stderr=
-#log_file=
-#log_syslog=
-log_file=3
-
-#
-# Log File Name:
-# When logging to file is requested using the 'log_file' directive, the name
-# and path of the file to use may be specified using this directive.
-#
-# log_filename=
-#
-log_filename=/var/log/gw6c.log
-
-#
-# Log File Rotation:
-# When logging to file is requested using the 'log_file' directive, log file
-# rotation may be enabled. When enabled, the contents of the log file will
-# be moved to a backup file just before it reaches the maximum log file size
-# specified via this directive.
-#
-# The name of the backup file is the name of the original log file with
-# '.' inserted before the file extension. If the file does not
-# have an extension, '.' is appended to the name of the original
-# log file. The timestamp specifies when the rotation occurred.
-#
-# After the contents of the log file have been moved to the backup file, the
-# original file is cleared, and logging resumes at the beginning of the file.
-#
-# log_rotation=
-#
-log_rotation=no
-
-#
-# Log File Rotation Size:
-# The 'log_rotation_size' directive specifies the maximum size a log file may
-# reach before rotation occurs, if enabled. The value is expressed in
-# kilobytes.
-#
-# log_rotation_size=<16|32|128|1024>
-#
-log_rotation_size=32
-
-#
-# Syslog Logging Facility [Unix Only]:
-# When logging to syslog is requested using the 'log_syslog' directive, the
-# facility to use may be specified using this directive.
-#
-# syslog_facility=
-#
-syslog_facility=USER
-
-
-# end of gw6c.conf
-#------------------------------------------------------------------------------